version 1.115, 2013/03/19 17:00:55
|
version 1.116, 2013/07/04 13:46:29
|
|
|
# include <openssl/err.h> | # include <openssl/err.h> |
# include <openssl/ssl.h> | # include <openssl/ssl.h> |
# include <openssl/rand.h> | # include <openssl/rand.h> |
|
# include <openssl/tls1.h> |
#else | #else |
# define SSL_CTX void | # define SSL_CTX void |
#endif // end of PEGASUS_HAS_SSL | #endif // end of PEGASUS_HAS_SSL |
|
|
// | // |
// set overall SSL Context flags | // set overall SSL Context flags |
// | // |
|
// For OpenSSLversion >1.0.0 use SSL_OP_NO_COMPRESSION to disable the |
|
// compression For TLS 1.2 version, compression does not suffer from |
|
// CRIME attack so don.t disable compression For other OpenSSL versions |
|
// zero out the compression methods. |
|
#ifdef SSL_OP_NO_COMPRESSION |
|
#ifndef TLS1_2_VERSION |
|
SSL_CTX_set_options(sslContext, SSL_OP_NO_COMPRESSION); |
|
#endif |
|
#elif OPENSSL_VERSION_NUMBER >= 0x00908000L |
|
sk_SSL_COMP_zero(SSL_COMP_get_compression_methods()); |
|
#endif |
SSL_CTX_set_quiet_shutdown(sslContext, 1); | SSL_CTX_set_quiet_shutdown(sslContext, 1); |
SSL_CTX_set_mode(sslContext, SSL_MODE_AUTO_RETRY); | SSL_CTX_set_mode(sslContext, SSL_MODE_AUTO_RETRY); |
SSL_CTX_set_mode(sslContext, SSL_MODE_ENABLE_PARTIAL_WRITE); | SSL_CTX_set_mode(sslContext, SSL_MODE_ENABLE_PARTIAL_WRITE); |